CyberHosting

Security Alert - Need Update

www.webpagetest.org finds that WordPress sites hosted on CyberPanel do have security issues and gives an "F" score.

Need to add these:

Strict Transport Security (HSTS)
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

X Content Type Options
The only defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome when downloading extensions.

X Frame Options
Clickjacking protection: deny - no rendering within a frame, sameorigin - no rendering if origin mismatch, allow-from - allow from specified location, allowall - non-standard, allow from any location

Content Security Policy
A computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context

X XSS Protection
A Cross-site scripting filter

Thanks
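An added example, not part of the original post: a small Python audit of the headers listed above, run against a constructed response. The sample headers, the function names and the 180-day HSTS threshold are assumptions made for illustration.

```python
import re

# Constructed sample response headers (not taken from a real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=300
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOWALL
"""

MIN_HSTS_AGE = 15552000  # 180 days; assumed threshold, tune to your policy

def parse_headers(raw):
    """Map lower-cased header names to values, skipping the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def check_hsts(value):
    match = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    if not match or int(match.group(1)) < MIN_HSTS_AGE:
        return "weak: max-age absent or below threshold"
    if "includesubdomains" not in value.lower():
        return "ok, but subdomains are not covered"
    return "ok"

def check_frame_options(value):
    # Only these two values give clickjacking protection in current browsers.
    return "ok" if value.lower() in ("deny", "sameorigin") else "weak: " + value

CHECKS = {
    "strict-transport-security": check_hsts,
    "x-content-type-options": lambda v: "ok" if v.lower() == "nosniff" else "weak: " + v,
    "x-frame-options": check_frame_options,
    "content-security-policy": lambda v: "ok" if v else "weak: empty policy",
    "x-xss-protection": lambda v: "present",  # legacy header, reported only
}

def audit(raw):
    """Return {header: finding} for every header in CHECKS."""
    headers = parse_headers(raw)
    return {name: check(headers[name]) if name in headers else "missing"
            for name, check in CHECKS.items()}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name:28} {finding}")
```

The check only reports that a Content-Security-Policy is present; it does not evaluate the policy's directives.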

Comments

  • edited May 21
    You can add them in the OLS panel. Very easy.
  • edited May 21
    This is not a security alert that needs an update.

    Security headers should be set at an individual server or even a site level.

    If you are using OLS then you can use this method: https://forums.cyberpanel.net/discussion/88/tutorial-how-to-add-additional-http-header

    If you are using LSWS then you can just add them to apache config files or .htaccess for individual sites.
    S-4.host - Sustainable, Secure, Speedy and Stable WP hosting built on Litespeed Ent. and Cyberpanel
  • HSTS cannot be implemented; it would cause issues for Cyberpanel installations where, upon completion, you use the IP for access to then continue the setup.

    As for other headers:

    X-Frame-Options
    CSP
    X-Content-Type-Options
    Referrer-Policy

    are all implemented. Try securityheaders.com for tests.

    Cyberpanel actually grades B compared to other rival panels as grade D.

    I had those implemented back in 1.8.x and similar implemented into the webadmin for openlitespeed.
    Cyberpanel Managed & Unmanaged Shared & VPS Hosting by Cyberpanel Experts.

    https://www.cyberhosting.org